"PDF Forensics and Authenticity Detection" (PDF取证与真实性检测.pdf, 29 pages)
PDF Forensics

PDF Forensic
1. Definition
2. What can we do with PDF in a forensic point of view?
3. PDF Standards
4. Challenges of PDF Forensic
5. PDF Objects, why it is so important
6. How a PDF is decoded
7. Which tool I need to use?
8. Practical examples

PDF Definition
- Portable Document Format
- ISO 32000
- Developed by Adobe in 1992
- Present documents with text and image formatting
- Independent of OS, hardware, software versions

PDF Forensic
1. Definition
2. What can we do with PDF in a forensic point of view?
3. PDF Objects, why it is so important
4. Which tool I need to use?
5. Practical examples

What can we do with PDF in a forensic approach?

Authentic or Fake?
- Determining whether a PDF is a fake or not can be extremely complex.
- A single false document can cost millions of euros or put lives at risk.
- The aim of PDF forensics or PDF investigation is to search for traces of forgery or modification of the PDF.
- To do this, you need to understand the internal structure of PDFs and have a few tools at your disposal.

Different steps to move forward
- Phase 1: initial examination of the PDF, MD5 hash, visual inspection and search for the production source (scanner, printer, ...).
- Phase 2: attempt to obtain an original PDF from the same source (scanner, printer, etc.).
- Phase 3: detection of the PDF code, reverse engineering of the document, identification of the last elements modified, detection of images, detection of fonts.
- Phase 4: examination of private metadata, hidden images and hidden text.
- There are no miracles: a document that is printed then rescanned and finally reprinted as a PDF obviously loses its characteristics.

Different PDF categories
The next three categories all deal with compatibility with three standards to which a PDF file can conform. These standards are a set of rules